Enable SSH on switch
Connect to switch via CLI
Module A1(config)#crypto key generate dsa
Do you want to overwrite the existing DSA keys? [Y | N] :y
DSA key generation started, this may take a few
minutes..................................................................................................................................
.......................................................
DSA key generation complete.
Module A1(config)#crypto key generate rsa
Do you want to overwrite the existing RSA keys? [Y | N] :y
RSA key generation started, this may take a few minutes....................
RSA key generation complete.
Module A1(config)#ip ssh server
Module A1(config)#exit
Module A1#exit
Module A1>en
Password:***********
Module A1#show ip ssh
SSH Server enabled. Port: 22
Protocol Levels: Versions 1 and 2.
SSH Connections Currently in Use: ............. 0
Maximum number of SSH Sessions Allowed: ....... 5
SSH Session Timeout: .......................... 600
RSA key was generated.
DSA key was generated.
SSH Public Key Authentication is disabled.
Active Incoming Sessions.
Ip Address User Name Idle Time Session Time
--------------- --------------- ------------ ------------
Module A1#exit
Module A1>exit
=====================
Disable Telnet
=====================
config
ip telnet server disable
exit
Test a telnet connection to see if it fails.
========================================================================
Ran the following commands from the command line interface:
config t
line vty 0 4
transport input ssh
line vty 5 15
transport input ssh
copy run start
I tested a telnet connection and it failed. SSH connection worked successfully.
========================================================================
============
Enable HTTPS
============
Module A2(config)#crypto certificate 1 generate
Module A2(config-crypto-cert)#?
common-name Specifies the common name.
country Specifies the country name.
do Run Privileged Exec mode commands.
duration Specifies number of days a self-signed certification
would be valid. If unspecified defaults to 365 day.
email Specifies the contact email address.
exit To exit from the mode.
key-generate Regenerate SSL RSA key.
location Specifies the location or city name.
organization-name Specifies the organization name
organization-unit Specifies the organization internal unit
show Show configured settings and operational status.
state Specifies the state or province name.
Module A2(config-crypto-cert)#key-generate ?
<cr> Press enter to execute the command.
<length> Specifies the length of the SSL's RSA key. If
unspecified, length defaults to 1024.
Module A2(config-crypto-cert)#key-generate
Module A2(config-crypto-cert)#exit
Certification Generation Successful..
Module A2(config)#ip http secure-certificate 1
Module A2(config)#ip http secure-server
Module A2(config)#exit
Module A2#show ip http server secure status
HTTPS Server is Enabled. Port : 443
DH Key exchange enabled.
Certificate 1 is active.
Issued by: self-signed
Valid from Mar 8 05:11:14 2006 GMT to Mar 8 05:11:14 2007 GMT
Subject: /CN=0.0.0.0
Fingerprint: DF1027F336CC450ED2AC1C740DF24921
Module A2#show ip telnet
Telnet Server is Disabled. Port : 23
Module A2#show ip http server status
HTTP Server is Disabled. Port : 80
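Added example, not part of the original post: a small Python check that reads the "show ip ssh", "show ip telnet" and "show ip http server ..." output captured above and reports the settings a reviewer would question (cleartext services left on, SSH version 1 still accepted, a self-signed or expired certificate). The function name audit and the finding strings are hypothetical, and the line formats are assumed to match the transcript on this page.

```python
import re
from datetime import datetime, timezone

# Constructed sample: lines taken from the "show" outputs on this page.
SAMPLE = """\
SSH Server enabled. Port: 22
Protocol Levels: Versions 1 and 2.
HTTPS Server is Enabled. Port : 443
Issued by: self-signed
Valid from Mar 8 05:11:14 2006 GMT to Mar 8 05:11:14 2007 GMT
Telnet Server is Disabled. Port : 23
HTTP Server is Disabled. Port : 80
"""

def audit(text, now=None):
    """Return findings for the management-plane settings shown in `text`."""
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    flags = re.M | re.I
    findings = []
    # Cleartext services must be reported as disabled, not merely absent.
    for svc in ("Telnet", "HTTP"):
        m = re.search(rf"^{svc} Server is (\w+)", text, flags)
        if m is None:
            findings.append(f"{svc}: status not found in output")
        elif m.group(1).lower() != "disabled":
            findings.append(f"{svc}: cleartext server is enabled")
    if not re.search(r"^SSH Server enabled", text, flags):
        findings.append("SSH: server not enabled")
    # "Versions 1 and 2" means the obsolete SSH-1 protocol is still accepted.
    m = re.search(r"^Protocol Levels: Versions? (.+?)\.?$", text, flags)
    if m and "1" in re.findall(r"\d+", m.group(1)):
        findings.append("SSH: protocol version 1 is accepted")
    if not re.search(r"^HTTPS Server is Enabled", text, flags):
        findings.append("HTTPS: server not enabled")
    if re.search(r"^Issued by: self-signed", text, flags):
        findings.append("HTTPS: certificate is self-signed")
    # Compare the certificate's "to" date (GMT) with the current time.
    m = re.search(r"^Valid from .*? to (\w{3}) +(\d+) ([\d:]+) (\d{4}) GMT", text, flags)
    if m:
        expires = datetime.strptime(" ".join(m.groups()), "%b %d %H:%M:%S %Y")
        if expires < now:
            findings.append(f"HTTPS: certificate expired {expires:%Y-%m-%d}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against saved output from each switch after a configuration change; an empty list means none of these checks fired.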